Onward Security HERCULES SecDevice

Additional Info

CompanyOnward Security
Company size (employees)50 to 99
Type of solutionHybrid


HERCULES SecDevice is a leading security assessment tool designed for connected products, including embedded devices, IoT, IIoT devices, and others operated on Ethernet/IP devices. The security technology of HERCULES SecDevice serves vulnerabilities detection, security analysis, security issue solution, and security standard compliance by applying various testing methods.

HERCULES SecDevice provides comprehensive cybersecurity testing for embedded and IoT security. An intelligent fuzzing technique with more than 40 protocols is used to uncover unknown and zero-day vulnerabilities, which verifies if this device contains errors or faults. Other testing methods including DoS, network and web vulnerability tests to check for known vulnerabilities in the operating system, web applications, web pages, network protocols, and wireless connection within embedded devices.

HERCULES SecDevice enables users to reduce the testing time, save on labor costs, and operation variations, which maximizes efficiency and minimizes the risks of the product by applying in automated testing. HERCULES SecDevice automated testing uses the programmatic analytical algorithm to evaluate the confidentiality, integrity, and availability, and it covers over 60 percent of existing manual testing items for the most common security test case. The test case will be updated according to the latest vulnerability information to shorten response time, it reduces the testing response time from 3 months to 1-2 weeks.

The intelligent analysis generated by SecDevice automated testing assists testers to identify security vulnerabilities and risks. In addition, detailed solutions are included in the testing analysis. The intelligence of SecDevice can be used to ensure that the organizations are in compliance with IEC62443, OWASP Top 10 Most Critical Web Application Security Risks and CWE/SANS Top 25 Most Dangerous Software Errors and other international security standards.

How we are different

- Machine Learning-Based Fuzzer
HERCULES SecDevice doesn’t stop at just uncovering unknown vulnerabilities, it also tests embedded devices and other connected products for any known vulnerabilities through multiple and various attack methods. In addition, Onward security keeps focused on patented technology in reverse engineering communication protocols. The proposed patent, PACKET ANALYSIS APPARATUS, METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM THEREOF, got approved in ROC, US, and Japan. This year, Onward applies one more patent to solve the issues of determining the behavior of the device under test. The technologies above could enhance the accuracy of exploited vulnerabilities and help more vendors to improve the robustness of their products.

- Adaptive and Auto-probe Testing
Once a test is configured, the whole process will be automated as HERCULES SecDevice supports device restart and re-scan, and SecDevice can be connected to multiple test targets as well. HERCULES SecDevice is designed to assist vendors in saving time and resources during testing, and it allows the developer to identify security issues and correct the vulnerability as soon as possible. Following the procedure of penetration testing, HERCULES SecDevice recognizes the device under test (DUT), scans the service which the one provided, evaluates the vulnerability, and creates a report. All the stuffing above no human intervention is required.

- Compliance Mapping
HERCULES SecDevice built-in compliance reports assist customers to meet the international security standards and the test cases, such as IEC 62443-4-2, FDA Cybersecurity Requirement. The compliance reports are used to understand the corresponding policy and test cases, which help developers to optimize or update the software of DUT according to the security compliance to acquire the certification.